So if those few "trusted parties" are malicious then they can carry out a double-spending attack even though they have a tiny proportion of the total hash power, by preparing their own fork and signing it? I think that this is a bad idea, both in a technical sense, and from a PR standpoint.
Most of those trusted parties aren't mining, so they wouldn't really have the means to carry out the attack. Remember, they'd already have to have 51% of the mining power, and in my proposal, they'd have to have 51% of the "trust" (however that is allocated). This ups the ante even more. A lot of other trusted people simply won't sign a new chain of replacement blocks that just show up out of nowhere, as a matter of policy.
Someone with a policy of "I sign the first thing I see right away as I see it, and I am trusted only so long as I continue to do so" will have self-prohibited himself from signing an alternate chain that replaces blocks, because by doing so he would have met the conditions to delete himself as a trusted person. Decentralization doesn't mean "trust nobody"...could you see MtGox or Gavin trying to do a double spending attack?
For example it could take those malicious parties one day to prepare a secret fork of 6 blocks, while the rest of the network generated 144 blocks during that time, and still the malicious fork of 6 blocks will win?
I expect there should be far more trusted parties than to make this feasible. But let's suppose that happened. We would know exactly who those parties were, we'd dump them from the trust list, and then they would never have a second opportunity. Sure, Bitcoin might get some bad press, but it would also prove that the contingency plan worked. They wouldn't gain anything in the process.
You didn't describe which threshold of trusted parties would be needed? If all the parties are required then a single malicious party could cancel the entire scheme, and if a majority of the trusted party is required then a malicous majority can double-spend, etc.
I left it vague on purpose. A majority, sure. But remember there's more factors that a client can use to weigh two competing chains of blocks - Gavin enumerated a few on another thread. A flexible algorithm would be desirable over a hard and fast rule. If I have chain A and chain B competing with one another, and chain B is longer, doesn't contain any double spends against A, and contains everything from chain A, I (as an algorithm) probably should just consider choosing chain B without worrying much about majorities. On the other hand, if 6 blocks come along and purport to be better than 144 they want to replace, they may merit needing a much higher percentage of the trust than even 51% to be acceptable.
And equating mining pools with trusted parties is a step in the wrong direction imho, it would be better to think of ways to enhance security of the overall bitcoin network by decentralizing the power of mining pools, rather than giving them more power. This was discussed at
https://bitcointalksearch.org/topic/think-i-just-solved-the-pool-problem-9137 , as well as p2pool, and there's also the idea of preventing mining pools at protocol level by requiring that if you have (privkey,pubkey)=(sk,pk) and block reward address corresponds to pk then you try to generate the block by: hash(txns,nonce,sign_sk(txns,nonce))
Trust doesn't mean a block is assumed valid just because it was signed by someone special (unlike SSL for example, which does work this way, much to our demise). In this sense, a signature only means "I saw this block". I as a client should prefer a chain that I know has been seen by a lot of stakeholders, over one that has been seen by none. Having mining pools sign blocks helps everyone confirm that the mining pools are still in contact with one another and that there isn't a "net split".
Edit: on a more basic level, if we officially condone having an easily modifiable list of trusted nodes as being a correct behavior of honest clients, then in the scenario where the mining power is truly decentralized it means that it becomes easier to have clients who don't follow the same rules, i.e. more possibilities for forking the chain.
I don't see how it follows. This proposal doesn't create forks, it simply provides an element of human control over how to deal with forks if and when they happen. They have to happen first on their own, either deliberately as part of an attack, or unintentionally if there are disconnects in the network.